From: František Dvořák <valtri@civ.zcu.cz>
Date: Mon, 9 Jun 2014 14:25:03 +0000 (+0200)
Subject: More SELinux rules.
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=af8ab671e55dda7b31050388147904918c6a1fc0;p=rubygem-passenger-packaging.git

More SELinux rules.
---

diff --git a/passenger.te b/passenger.te
index e2e43af..6105bda 100644
--- a/passenger.te
+++ b/passenger.te
@@ -26,10 +26,12 @@ allow httpd_t passenger_tmp_t:sock_file write;
 
 #============= passenger_t ==============
 allow passenger_t ifconfig_exec_t:file { read getattr open execute execute_no_trans };
-allow passenger_t locale_t:file getattr;
+allow passenger_t locale_t:file { getattr read open };
 allow passenger_t proc_net_t:file { read getattr open };
 allow passenger_t puppet_var_lib_t:dir { create rmdir };
 allow passenger_t puppet_var_lib_t:file { relabelfrom relabelto };
+allow passenger_t anon_inodefs_t:file { write read };
+allow passenger_t httpd_t:unix_stream_socket getattr;
 
 #!!!! This avc can be allowed using the boolean 'allow_ypbind'
 allow passenger_t self:tcp_socket listen;